Best practices for allowing a contractor/partner limited access to an Aegir server?

Tagged:

I'm working with a contractor/partner and I would like to grant them access to the Aegir server to do a couple things:

1.) Download backups for them to use during development.

2.) Add new "make" files to the server to be able to deploy their changes without my intervention.

I tried to create an SSH user for them and changed permissions on the /var/aegir/backups then added a symlink to it from the home folder of the new user. I did the same for a make file directory we use for creating new platforms. This worked fine until Aegir created a new backup and changed all the permissions on both folders, locking the contractor out. I don't want to give them root access or access using the Aegir user.

What are the best practices for dealing with a situation like this? Does anyone have any recommendations to solve this?

Thanks in advance!